Major revamp and restructuring of k8s setup:

* replicated etcd setup for redundancy
* use Flannel network overlay
* naming conventions
* new repo structure
* etc.

base/configuration.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+{
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+  boot.kernel.sysctl."vm.overcommit_memory"= 1;
+
+  services.vmwareGuest.enable = true;
+
+  # Select internationalisation properties.
+  i18n = {
+     consoleFont = "Lat2-Terminus16";
+     consoleKeyMap = "us";
+     defaultLocale = "en_US.UTF-8";
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Oslo";
+
+  networking.search = [ "itpartner.intern" "itpartner.no" ];
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "17.03";
+  programs.zsh.enable = true;
+  programs.tmux.enable = true;
+
+  virtualisation.docker.enable = true;
+
+  security.rtkit.enable = true;
+
+  fileSystems."/data" = {
+     device = "10.253.18.103:/data";
+     fsType = "nfs";
+   };
+
+  imports = [ ./users.nix ./packages.nix ];
+}

base/nix-home.nix

@@ -0,0 +1,38 @@
+{ stdenv, python, fetchFromGitHub }:
+stdenv.mkDerivation rec {
+  version = "0.3.2";
+  name = "nix-home-${version}";
+
+  src = fetchFromGitHub {
+    rev = version;
+    repo = "nix-home";
+    owner = "sheenobu";
+    sha256 = "0l27vg651s9mmq0sypxgrrdq9386rhjbgh9wilzm3dmr0d2j9mwa";
+  };
+
+  patchPhase = ''
+    substituteInPlace nix-home --replace "NIXHOME" "$out/nix/lib"
+    substituteInPlace nix-build-home --replace "NIXHOME" "$out/nix/lib"
+  '';
+
+  installPhase = ''
+    # install binary
+    mkdir -p $out/bin
+    cp nix-home $out/bin
+    cp nix-build-home $out/bin
+    chmod +x $out/bin/nix-build-home
+    chmod +x $out/bin/nix-home
+
+    # install nix-home lib
+    mkdir -p $out/nix
+    cp -a lib $out/nix
+  '';
+
+  meta = {
+    homepage = https://github.com/sheenobu/nix-home;
+    description = "Per-user configuration management via Nix";
+    licenses = [ stdenv.lib.license.mit ];
+    platforms = stdenv.lib.platforms.unix;
+    inherit version;
+  };
+}

base/packages.nix

@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+let
+  nix-home = pkgs.callPackage ./nix-home.nix {};
+in
+  {
+    nixpkgs.config.allowUnfree = true;
+
+    environment.systemPackages =
+      with pkgs;
+      let
+        sys = [
+          stdenv
+          findutils
+          coreutils
+          psmisc
+          iputils
+          nettools
+          netcat
+          rsync
+          htop
+          iotop
+          zsh
+          wget
+          vimNox
+          python
+          file
+          bc
+          sshuttle
+          nix-prefetch-git
+          docker
+          nix-home
+        ];
+        devel = [
+          git
+          patchelf
+          binutils
+          gcc
+        ];
+        dotnet = with dotnetPackages; [
+          fsharp
+          mono-addins
+          mono
+          Fake
+          Paket
+        ];
+        node = with nodePackages; [
+          nodejs
+          npm
+          npm2nix
+          yo
+          gulp
+        ];
+        k8s = [
+          ebtables
+          ethtool
+          socat
+        ];
+      in
+      devel ++
+      dotnet ++
+      node ++
+      k8s ++
+      sys;
+}

base/users.nix

@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+{
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+   users.extraUsers.itpartner = {
+     description = "Serit IT Partner Tromsø";
+     home = "/home/itpartner";
+     extraGroups = [
+       "users"
+       "wheel"
+       "root"
+       "adm"
+       "docker"
+     ];
+     uid = 1000;
+     isNormalUser = true;
+     createHome = true;
+     useDefaultShell = false;
+     shell = pkgs.zsh;
+     openssh.authorizedKeys.keys = [
+        "ssh-dss AAAAB3NzaC1kc3MAAACBANmiPELldjlhW4SKi9NVVN8DIpRouRj2j/v0ycySHYJv0lCE2ATggXMWY/T25eqMTEtwT7U+7g0MIHxR+GLFLpp6N7CiKh3pS0nj4Ig+f9hX2PF5HR6fOgQVCWcNrQTOV6jjZqWjbZpKYDpVfwHZxWrhgAv+9I+w0MHICulDca5RAAAAFQCjmmSZGG137bgGuLPXZkyvc8DXswAAAIB1bMTmPWS1qsZ5H4hgzoKcW+5b+yD7Yn62GFmZS/n4RdyJt7gBJwxukXaTs9B5g922lem4Tk6W6kslCzAu6Y7JDOkhX/hWasb6fGdCmmK/btqwi2imGeVJImAoFoTKfm4JprKcOmSATGMgTlzFHYFDpngyZ9pFnyubI829zfzNTwAAAIEAhwQwqEhBOT8cEKZRiDExi7jBk7zRKYhX1Wb6uUKI07qQFTLehUIahirHxqXcDhlcxzgHcwXKt6CBPYvre9qhqP6865Be/KecYycntVsx/o77Hv5bqETXojhLhb8I3hD1UnxIJ1FXVOnhL+SbO46oICsghBApDtgTX9iRFnuw0fU= jonas"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvIIQoi0aM2XmX7evnte/sQTCczSYYg0O0KT7g6Xao4nAoiMZ7udxOijd0vD8VBRSVuz6epcuPLsD0z6skiCJFpT0gG0KkTS6dLZMD3+KOvmvolpuGvRv6Ad/bO05YUvGHJAPdwwCxcXajtBoHOd+KUq8xBqyexgi20i+4P/JulY+RQKPlnQHlb6glcDAjt9RPh96t9T5lCoMAqMWtzV9GZE8/H+o6nMf9pxTjxT/oW/8EKZVgDgCSnpZg668Xj0UNcJW/ba3kSpjUsrdvZgM1E3TVgJ/YZDpM01m9hHS7PBcsJu6RyUMhamAVlsYS4Vy2ylU5rYAPTh23CZh24KD3+AtzTd9vhDNLz+KNKDzgW5b3IHoOyXG78RtPw7gHBGlGQc9OlJqTSLZAFWE2PNP1Pa6q0mqWcJuakSwyQoHvS+8PgEBr0eKKebwuXauuft1DvMNpi9SFxJY5Oy7ck62WzbBDNFDOTdNabXUV/QdOv5Zc2XrUCkr6C1dk57C0G8KTJCkqZIV1XMYZIlDZPuqlK8jZdPjRAnRmkYvvitb0FsvixpsWll1PRj9bYYZ01xX6djuDRvc1FeRG199HKOVWN53l9EMTpy0coxl2hZpbnyfxLdS/tkPkoSuWeY/MKWrn4yd1Q2+edjhTvnn6o6kfnKXKBkuoQvdaX/nyig+X+Q== august.s.solvang@gmail.com"
+     ];
+  };
+
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    "ssh-dss AAAAB3NzaC1kc3MAAACBANmiPELldjlhW4SKi9NVVN8DIpRouRj2j/v0ycySHYJv0lCE2ATggXMWY/T25eqMTEtwT7U+7g0MIHxR+GLFLpp6N7CiKh3pS0nj4Ig+f9hX2PF5HR6fOgQVCWcNrQTOV6jjZqWjbZpKYDpVfwHZxWrhgAv+9I+w0MHICulDca5RAAAAFQCjmmSZGG137bgGuLPXZkyvc8DXswAAAIB1bMTmPWS1qsZ5H4hgzoKcW+5b+yD7Yn62GFmZS/n4RdyJt7gBJwxukXaTs9B5g922lem4Tk6W6kslCzAu6Y7JDOkhX/hWasb6fGdCmmK/btqwi2imGeVJImAoFoTKfm4JprKcOmSATGMgTlzFHYFDpngyZ9pFnyubI829zfzNTwAAAIEAhwQwqEhBOT8cEKZRiDExi7jBk7zRKYhX1Wb6uUKI07qQFTLehUIahirHxqXcDhlcxzgHcwXKt6CBPYvre9qhqP6865Be/KecYycntVsx/o77Hv5bqETXojhLhb8I3hD1UnxIJ1FXVOnhL+SbO46oICsghBApDtgTX9iRFnuw0fU= jonas"
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvIIQoi0aM2XmX7evnte/sQTCczSYYg0O0KT7g6Xao4nAoiMZ7udxOijd0vD8VBRSVuz6epcuPLsD0z6skiCJFpT0gG0KkTS6dLZMD3+KOvmvolpuGvRv6Ad/bO05YUvGHJAPdwwCxcXajtBoHOd+KUq8xBqyexgi20i+4P/JulY+RQKPlnQHlb6glcDAjt9RPh96t9T5lCoMAqMWtzV9GZE8/H+o6nMf9pxTjxT/oW/8EKZVgDgCSnpZg668Xj0UNcJW/ba3kSpjUsrdvZgM1E3TVgJ/YZDpM01m9hHS7PBcsJu6RyUMhamAVlsYS4Vy2ylU5rYAPTh23CZh24KD3+AtzTd9vhDNLz+KNKDzgW5b3IHoOyXG78RtPw7gHBGlGQc9OlJqTSLZAFWE2PNP1Pa6q0mqWcJuakSwyQoHvS+8PgEBr0eKKebwuXauuft1DvMNpi9SFxJY5Oy7ck62WzbBDNFDOTdNabXUV/QdOv5Zc2XrUCkr6C1dk57C0G8KTJCkqZIV1XMYZIlDZPuqlK8jZdPjRAnRmkYvvitb0FsvixpsWll1PRj9bYYZ01xX6djuDRvc1FeRG199HKOVWN53l9EMTpy0coxl2hZpbnyfxLdS/tkPkoSuWeY/MKWrn4yd1Q2+edjhTvnn6o6kfnKXKBkuoQvdaX/nyig+X+Q== august.s.solvang@gmail.com"
+  ];
+
+  security.sudo.wheelNeedsPassword = false;
+  security.sudo.extraConfig =
+    ''
+      Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE
+      Defaults:root,%wheel env_keep+=NIX_PATH
+      Defaults:root,%wheel env_keep+=TERMINFO_DIRS
+      Defaults env_keep+=SSH_AUTH_SOCK
+      Defaults lecture=never
+      Defaults shell_noargs
+      root   ALL=(ALL) SETENV: ALL
+      %wheel ALL=(ALL) NOPASSWD: ALL, SETENV: ALL
+     '';
+}

base/workstation.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+  services.printing.drivers = [ pkgs.hplipWithPlugin ];
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+  services.xserver.enableCtrlAltBackspace = true;
+  services.xserver.layout = "us";
+  services.xserver.xkbVariant = "altgr-intl";
+  services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable XMonad
+  services.xserver.displayManager.slim.enable = true;
+  services.xserver.displayManager.slim.defaultUser = "jonas";
+  services.xserver.desktopManager.gnome3.enable = true;
+  services.xserver.desktopManager.xterm.enable = false;
+  services.xserver.windowManager.xmonad.enable = true;
+  services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+}